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Claim 1 : Original- Pending - Not Amended 
Claim 2: Original- Pending - Not Amended 
Clairh3: Original- Pending -Not Amended 
Claim 4: Original- Pending - Amended 

Support: Per claim 4, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 
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Claim 5: Original- Pending - Not Amended 
Claim 6: Original- Pending - Not Amended 
Claim 7: Original- Pending - Not Amended 
Claim 8: Original- Pending - Not Amended 



Claim 9: Original- Pending - Amended 

Support: Per claim 9, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
Pop (col. 9 lines 4-15). 

Claim 10: Original- Pending - Not Amended 
Claim 1 1 : Original- Pending - Not Amended 
Claim 1^: Original- Pending - Not Amended 
Claim 13: Original- Pending - Amended 

Support: Per claim 13, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 

Claim 14: Original- Pending - Not Amended 

Claim 15: Original- Pending - Not Amended 
Claim 16: Original- Pending - Not Amended 
Claim 17: Original- Pending - Amended 

Support: Per claim 17, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of EP addresses if tiie user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 

Claim 18: Original- Pending - Not Amended 
Claim 19: Original- Pending - Not Amended 
Claim 20: Original- Pending - Not Amended 
Claim 21: Original- Pending - Amended 

Support: Per claim 21, the original patent specification shows assigning an P address to the user 
from a local DHCP pool of IP addresses if die user's domain does not correspond to that of the 
PoP (col. 9 lines 4-15). 
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Claim 22: Original- Pending - Not Amended 
Claim 23 : Original- Pending - Not Amended 
Claim 24: Original- Pending - Not Amended 



Claim 25: Original- Pending - Amended 

Support: Per claim 25, the original patent specification shows 

a method of managing network access requests to a data communications network, said method 
comprising: 

receiving at a protocol gateway in a point of presence (PoP) of the data communications network 

a network access request from a user through a network access server (NAS) (col. 8 lines 

46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
parsing the network access request for an identification of the user's domain (coi. 9 lines 38-39, 

and FIG. 1 1 reference numeral 1 16); 
routing the network access request to an authentication, authorization and accounting (AAA) 

service associated with the PoP if the user's domain corresponds to that of the PoP (col. 9 

lines 39-41, and FIG. 1 1 reference numeral 118); 
looking up a domain identification entry corresponding to the user's domain in a database if the 

user's domain does not correspond to that of the PoP (col. 9 lines 46-49, and FIG. 1 1 

reference numeral 122); 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of flie PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 124); 

and 

assigning an IP address to the user from a local DHCP pool oif IP addresses if the user's domain 
does not correspond to that of the PoP (col. 9 lines 4-15). 

Claim 26: Original- Pending - Not Amended 

Claim 27: Original- Pending - Not Amended 

Claim 28: Original- Pending - Amended 

Support: Per claim 28, the original patent specification shows said proxy database populated at 
instantiation of said proxy service by receiving information pubhshed by said publisher fixsm 
said central database (col. 9 lines 16-31, FIG. 10 reference numeral 108). 

Claim 29: Original- Pending - Not Amended 

Claim 30: Original- Pending - Amended 

Support: Per claim 30, the original patent specification shows said proxy databases populated at 
instantiation of said respective proxy services by receiving information published by said 
pubUsher fix>m said central database (col. 9 lines 16-31, FIG. 10 reference numeral 108). 
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Claim 31: New- Pending 

Support: Per claim 3 1 , the original patent specification shows 
a method for managing network access to a data communications network, said method 
comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 

maintaining at least a first authentication, authorization and accounting (AAA) service at a first 
point of presence (PoP) of the data communications network and a second AAA service at a 
second PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 reference 

numerals 32 and 30c); 

configuring a database associated with the first AAA service from the central database by 

transporting information from the central database over the data communications network to 
the database associated with the first AAA service (col. 9 lines 16-31); and 

configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data commimications network to 
the database associated with the second AAA service (col. 9 lines 16-31). 

Claim 32: New- Pending 

Support: Per claim 32, the original patent specification shows periodically updating the database 
associated with the first AAA service from the cenfral database by transporting information from 
the cenfral database over the data communications network to the database associated with the 
first AAA service (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c). 

Claim 33; New- Pending 

Support: Per claim 33, the original patent specification shows periodically updating the database 
associated with the second AAA service from the central database by fransporting information 
from the cenfral database over the data communications network to the database associated with 
the second AAA service (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c). 

Claim 34: New- Pending 

Support: Per claim 34, the original patent specification shows 

receiving at a protocol gateway in the first PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 11 reference 
numeral 1 14); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 

and FIG. 11 reference numeral 116); 
routing the network access request to the first AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP (col. 9 lines 39-41, and FIG. 1 1 reference numeral 1 18); 
looking up a domain identification entry corresponding to the user's domain in the first AAA 

service's database if the user's domain does not correspond to that of the first PoP (col. 9 

lines 46-49, and FIG. 1 1 reference numeral 122); 
proxying the network access request to an AAA service in the user's domain at an address and 

port as specified in the domain identification entry of the database if the user's domain does 

not correspond to that of the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 

124). 
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Claim 35: New- Pending 

Support: Per claim 35, the original patent specification shows obtaining an IP address for the 
user from the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 36: New- Pending 

Support: Per claim 36, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 37: New- Pending 

Support: Per claim 37, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received fix)m the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col, 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 38: New- Pending 

Support: Per claim 38, the original patent specification shows 

a method for managing network access to a data communications network, said method 

comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 

maintaining a plurality of first authentication, authorization and accounting (AAA) services at a 
first point of presence (PoP) of the data communications network and a second AAA service 
at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 
reference numerals 32 and 30c); 

configuring one or more databases associated with the first AAA services &om the central 
database by transporting information fix}m the central database over tiie data 
communications network to the database(s) associated with the first AAA services (col. 9 
lines 16-31); and 

configuring a database associated with the second AAA service &om the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31). 

Claim 39: New- Pending 

Support: Per claim 39, the original patent specification shows 

receiving at a protocol gateway in the first PoP a network access request from a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference 
numeral 114); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 
and FIG. 1 1 reference numeral 1 16); 

routing the network access request to one of said plurality of first AAA services at the first PoP if 
the user's domain corresponds to that of the first PoP while load balancing among said 
plurality of first AAA services (col, 9 lines 39-41 , and FIG. 1 1 reference numeral 118); 
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looking up a domain identification entry corresponding to the user's domain in one of said 
plurality of first AAA service's database(s) if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
not correspond to that of the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 
124). 

Claim 40: New- Pending 

Support: Per claim 40, the original patent specification shows obtaining an IP address for the 
user fi-om the AAA service in the user's domain if the user's domain does not correspond to that 

of the first PoP (col. 9 lines 52-53). 

Claim 41: New- Pending 

Support: Per claim 41, the original patent specification shows assigning an IP address to the user 
fix)m a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 42: New- Pending 

Support: Per claim 42, the original patent specification shows assigning an JP address to the user 
fi-om an IP address pool identified in an access-accept packet received fi-om the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 

col. 9 line 3, col. 9, lines 9-15). 

Claim 43: New- Pending 

Support: Per claim 43, the original patent specification shows 

a method for managing network access to a data communications network, said method 

comprising: 

maintaining a central database coupled to the data communications network, said central 
database containing access information for authentication, authorization and accoimting 
(AAA) services associated with domains of the data communications network (col. 8 lines 
37-45); 

maintaining at a first point of presence (PoP) of the data communications network at least one 
first AAA service (col. 6 lines 61-65, and FIG. 7 reference numerals 32 and 30c) and at least 
one first proxy service (FIG. 7 reference numeral 28b) and at least one first protocol 
gateway (FIG. 7 reference numeral 30a) in communication with a network access server 
(NAS) (FIG. 7); 

periodically transporting information contained in the central database fijom the central database, 
over the data communications network, to the first AAA service(s) (col. 8 lines 36-45, FIG. 
7 reference numerals 18, 22, 28c, and 30c), the first proxy service(s) (FIG. 7 reference 
numeral 30b) and the first protocol gateway(s) (FIG. 7 reference numeral 30a); 

receiving at a protocol gateway in the first PoP a network access request fi-om a user through a 
network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference 
numeral 114); 
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parsing the network access request at the first protocol gateway for an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 116); 
routing the network access request to an AAA service at the first PoP if the user's domain 

corresponds to that of the first PoP (col. 9 lines 39-41, and FIG. 11 reference numeral 118); 
looking up access information within a domain identification entry corresponding to the user's 

domain in a database associated with the first proxy server if the user's domain does not 

correspond to that of the first PoP (col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 

and 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the access information if the user's domain does not correspond to that of 
the first PoP (col. 9 lines 50-52, and FIG. 1 1 reference numeral 124). 

Claim 44: New- Pending 

Support: Per claim 44, the original patent specification shows obtaining an IP address for the 
user from an AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 45: New- Pending 

Support: Per claim 45, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of IP addresses if tiie user's domain does not correspond to that of the 

first PoP (col. 9 lines 4-15). 

Claim 46: New- Pending 

Support: Per claim 46, the original patent specification shows assigning an IP address to the user 
fix>m an BP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 47: New- Pending 

Support: Per claim 47, the original patent specification shows 

a method for managing network access requests to a data commuiucations network, said method 
comprising; 

receiving at a protocol gateway in a first point of presence (PoP) of the data communications 
network a network access request from a user received through a network access server 
(NAS) (col. 8 Hnes 46-50, col. 9 lines 36-38, and FIG. 11 reference numeral 114); 

parsing the network access request for an identification of the user's domain (col, 9 lines 38-39, 
and FIG. 1 1 reference nimieral 1 16); 

routing the network access request to one of the plurality of authentication, autiiorization and 
accounting (AAA) services associated witii the first PoP if the user's domain corresponds to 
that of the first PoP while load balancing among the plurality of AAA services (col. 9 lines 
39-41, and FIG. 1 1 reference numeral 118); 

looking up a domain identification entry corresponding to the user's domain in a database 

associated with the one AAA if the user's domain does not correspond to that of the first PoP 
(col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); 
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proxying the network access request via one of a plurality of proxy services to an AAA service 
in the user's domain at an address and port as specified in the domain identification entry of 
the database if the user's domain does not correspond to that of the first PoP while load 
balancing among the plurality of proxy services (col. 9 lines 50-52, and FIG. 1 1 reference 
nximeral 124). 

Claim 48: New- Pending 

Support: Per claim 48, the original patent specification shows obtaining an IP address for the 
user fi-om the AAA service in the user's domain if the user's domain does not correspond to that 

of the first PoP (col. 9 lines 52-53). 

Claim 49: New- Pending 

Support: Per claim 49, the original patent specification shows assigning an IP address to the user 
from a local DHCP pool of TP addresses if the user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 50: New- Pending 

Siq)port: Per claim 50, the original patent specification shows assigning an IP address to the user 
from an IP address pool identified in an access-accept packet received fijom the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col 9 line 3, col. 9, lines 9-15). 

Claim 51: New- Pending 

Support: Per claim 51, the original patent specification shows 
a method for managing network access to a data commimications network, said method 
comprising: 

maintaining a central database, said central database containing access information for 

authentication, authorization and accounting services associated with domains of the data 

commimications network (col. 8 lines 37-45); 
maintaining at a first point of presence (PoP) of the data commimications network a plurality of 

AAA service at least one AAA service (col: 6 lines 61-65, and FIG. 7 reference numerals 

32 and 30c) and at least one proxy service (FIG. 7 reference numeral 28b) and at least one 

protocol gateway (FIG. 7 reference numeral 30a) in communication with a network access 

server (NAS) (FIG. 7); 
periodically transmitting information contained in said central database over the data 

communications network to said AAA (col. 8 lines 36-45, FIG. 7 reference numerals 18, 22, 

28c, and 30c) and said proxy service (FIG. 7 reference numeral 28b); 
receiving at a protocol gateway in the PoP a network access request from a user through a 

network access server (NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference 

numeral 1 14); 

parsing the network access request at the protocol gateway for an identification of the user's 
domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16); 

routing the network access request to one of said plurality of AAA services at the fu^st PoP if the 
user's domain corresponds to that of the first PoP while load balancing among said plurality 
of AAA services (col. 9 lines 39-41, and FIG. 1 1 reference numeral 118); 
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looking up access information within a domain identification entry corresponding to the user's 
domain in a database associated with one of said plurality of proxy services if the user's 
domain does not correspond to that of the first PoP while load balancing among said 
plurality of proxy services (col. 9 lines 46-49, and FIG. 1 1 reference numeral 122); and 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the access information if the user's domain does not correspond to that of 
the first PoP (col. 9 lines 50-52, and FIG. 11 reference numeral 124). 

Claim 52: New- Pending 

Support: Per claim 52, the original patent specification shows obtaining an IP address for the 
user from an AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 53: New- Pending 

Support: Per claim 53, the original patent specification shows assigning an IP address to the user 
fi'om a local DHCP pool of IP addresses if ttie user's domain does not correspond to that of the 
first PoP (col. 9 lines 4-15). 

Claim 54: New- Pending 

Support: Per claim 54, the original patent specification shows assigning an IP address to the user 
fi-om an IP address pool identified in an access-accept packet received fix)m the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 55: New- Pending 

Support: Per claim 55, the original patent specification shows 

a method for managing network access requests to a data conmiimications network, said method 
comprising: 

periodically transmitting updating information contained in a central database over the data 
conummications network to an authentication, authorization and accounting (AAA) service 
associated with a first point of presence (PoP) of the data communications network (col. 8 
lines 36-45, FIG. 7 reference numerals 18, 22, 28c, and 30c); 

receiving at a protocol gateway in the first point of presence (PoP) of the data communications 
network a network access request fi-om a user received through a network access server 
(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 114); 

parsing the network access request for an identification of the user's domain (col. 9 lines 38-39, 
and FIG. 11 reference numeral 116); 

routing the network access request to the AAA service associated with the first PoP if the user's 
domain corresponds to that of the fiist PoP (col. 9 lines 39-41, and FIG. 1 1 reference 
numeral 118); 

looking up a domain identification entry corresponding to the user's domain in a database if the 
user's domain does not correspond to that of the first PoP (col. 9 lines 46-49, and FIG. 1 1 
reference numeral 122); 

proxying the network access request to an AAA service in the user's domain at an address and 
port as specified in the domain identification entry of the database if the user's domain does 
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not correspond to that of the first PoP (col, 9 lines 50-52, and FIG. 1 1 reference numeral 
124). 

Claim 56: New- Pending 

Support: Per claim 56, the original patent specification shows obtaining an IP address for the 
user fi-om the AAA service in the user's domain if the user's domain does not correspond to that 
of the first PoP (col. 9 lines 52-53). 

Claim 57: New- Pending 

Support: Per claim 57, the original patent specification shows assigning an IP address to the user 
fi-om a local DHCP pool of IP addresses if the user's domain does not correspond to that of the 

first PoP (col. 9 lines 4-15). 

Claim 58: New- Pending 

Support: Per claim 58, the original patent specification shows assigning an IP address to the user 
fiiom an IP address pool identified in an access-accept packet received from the user's domain's 
AAA service if the user's domain does not correspond to that of the first PoP (col. 8 line 64 to 
col. 9 line 3, col. 9, lines 9-15). 

Claim 59: New- Pending 

Support: Per claim 59, the original patent specification shows 

a system for data communications network access management, comprising: 

a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network (col. 8 lines 37-45); 
a first point of presence (PoP) on the data communications network, said first PoP including a 

protocol gateway in communication with at least one network access server (NAS) (col. 6 

line 61 to col 7 line 42, FIG. 7 reference numerals 32 and 30a); 
an AAA service associated with said first PoP and in communication with said protocol gateway 

and the data communications network (col. 6 lines 61-65, and FIG. 7 reference numerals 32 

and 30c); 

a proxy service associated with the first PoP and in conununication with said protocol gateway 
and the data communications network (col. 6 line 61 to col 7 line 42, FIG. 7 reference 
numerals 30a, 30b, and 32), 

a transmitter, said transmitter transmitting information fi-om said central database to said AAA 
service at said first PoP and said proxy service at said first PoP over the data 
communications network (col. 6 lines 35-60, FIG. 7 reference numerals 18, 22, 24, 28b, 30c, 
and 32); 

said protocol gateway receiving network access requests fijom users over the NAS, parsing the 
requests for domain identification and routing the requests for domains other than those 
associated with the first PoP to the proxy service (col. 9 lines 38-39, and FIG. 1 1 reference 
numeral 116), 

said "proxy service routing network access requests to AAA services in remote domains in 
accordance with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 
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Claim 60: New- Pending 

Support: Per claim 60, the original patent specification shows 

an AAA database associated with said AAA service at said first PoP (col. 6 lines 61-65, and FIG. 

7 reference numerals 32 and 30c); 
a proxy database associated with said proxy service at said first PoP (FIG. 7 reference numeral 

30b), 

said AAA database populated at instantiation of said AAA service by receiving information 

transmitted by said transmitter fijom said central database (col. 9 lines 16-31, FIG. 9 

reference nimieral 102), 
said proxy database populated at instantiation of said proxy service by receiving information 

transmitted by said transmitter fix)m said database (col. 9 lines 16-31, FIG. 10 reference 

numeral 108). 

Claim 61: New- Pending 

Support: Per claim 61, the original patent specification shows 

a system for data communications network access management, comprising: 

a central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domams of the data 

communications network (col. 8 lines 37-45); 
a first point of presence (PoP) on the data commimications network, said first PoP including a 

protocol gateway in communication with at least one network access server (NAS) (col. 6 

line 61 to col 7 line 42, FIG. 7 reference numerals 32 and 30a); 
a plurality of AAA services associated with said first PoP and in communication with said 

protocol gateway (col. 6 lines 61-65, and FIG. 7 reference numerals 32 and 30c), said AAA 

services subscribing to information published by said publisher (col. 7 lines 45-53); 
a plurality of proxy services associated with said first PoP and in communication with said 

protocol gateway, said proxy services subscribing to information published by said publisher 

(col. 7 lines 45^53); and 
a transmitter, said transmitter transmitting information fix>m said central database over the data 

communications network to said plurality of AAA services associated with said first PoP 

and to said plurality of proxy services associated with said first PoP (col. 6 lines 35-60, FIG. 

7 reference numerals 22, 24, 28b, 30c, and 32), 
said protocol gateway receiving network access requests fi-om users over the NAS, parsing the 

requests for domain identification (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16) 

and routing the requests for domains other than those associated with the first PoP to one of 

said plurality of proxy services while load balancing among them, 
said proxy service routing network access requests to AAA services in remote domains in 

accordance with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 

Claim 62: New- Pending 

Support: Per claim 62, the original patent specification shows 

a plurality of AAA databases associated with said respective AAA services at said first PoP (col. 

6 lines 61-65, and FIG. 7 reference numerals 32 and 30c); and 
a plurality of proxy databases associated with said respective proxy services at said first PoP, 



11 of 18 



Docket No.: CISCO-8363 
(REISSUE OF CISCO-0737) 
032590-000223 

said AAA databases populated at instantiation of said respective AAA services by receiving 

information transmitted by said transmitter from said central database (col. 9 lines 16-31, 

FIG. 9 reference numeral 102), 
said proxy databases populated at instantiation of said respective proxy services by receiving 

information transmitted by said transmitter firom said central database (col, 9 lines 16-31, 

FIG. 10 reference numeral 108). 

Claim 63: New- Pending 

Support: Per claim 63, the original patent specification shows 

a system for managing access to a data communications network, said system comprising: 
means for communicating with a central database via the data communications network, the 

central database containing information identifying access information for authentication, 

authorization and accounting (AAA) services associated with domains of the data 

communications network (col. 8 lines 37-45, FIG. 7 reference numeral 22); 
means for communicating with a local AAA service associated with a local Point of Presence 

(PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 
means for communicating with a remote AAA service via a local proxy service (col. 9 lines 42- 

53, FIG. 7 reference numerals 22 and 30b); 
means for instantiating the local AAA service from the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for receiving a network access request from a user through a local network access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
means for checking the network access request to determine an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16); 
means for routing the network access request to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 9 lines 39-41, FIG. 1 1 reference numeral 1 18, FIG. 

7 reference numeral 22); 
means for looking up a domain identification entry corresponding to the user's domain in the 

local AAA service's database if the user's domain does not correspond to that of the local 

PoP (col. 9 lines 46-49, FIG. 1 1 reference numeral 122, FIG. 7 reference numeral 34); and 
means for proxying the network access request to a remote AAA service in the user's domain at 

an address and port as specified in the domain identification entry of the database if the 

user's domain does not correspond to that of the local PoP (col. 9 lines 50-52, FIG. 11 

reference numeral 124, and FIG. 7 reference numeral 30b). 

Claim 64: New- Pending 

Support: Per claim 64, the original patent specification shows 

a system for managing access to a data communications network, said system comprising: 
means for communicating with a central database via the data communications network, the 
central database containing information identifying access information for authentication, 
authorization and accounting (AAA) services associated with domains of the data 
communications networic (col. 8 lines 37-45, FIG. 7 reference nxuneral 22); 
means for communicating with a plurality of local AAA services associated with a local Point of 
Presence (PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 
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means for communicating with a plurality of local proxy services associated with the local PoP 

(FIG. 7 reference numerals 22 and 28b); 
means for communicating with a remote AAA service via a local proxy service (col. 9 lines 42- 

53, FIG. 7 reference numerals 22 and 30b); 
means for instantiating the local AAA services from the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for instantiating the local proxy services from the central database (col. 9 lines 16-31, 

FIG. 10 reference numeral 108); 
means for receiving a network access request from a user through a local network access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 1 1 reference numeral 1 14); 
means for checking the network access request to determme an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16); 
means for routing the network access request to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 9 lines 39-41, FIG. 1 1 reference numeral 118, FIG. 

7 reference numeral 22); 
means for looking up a domain identification entry corresponding to the user's domain v^th the 

local AAA services if the user's domain does not correspond to that of the local PoP (col. 9 

lines 46-49, FIG. 1 1 reference numeral 122, FIG. 7 reference numeral 34); 
means for proxying the network access request to a remote AAA service in the user's domain at 

an address and port as specified in the domain identification entry of the local AAA services' 

database if the user's domain does not correspond to that of the local PoP (col. 9 lines 50-52, 

FIG. 1 1 reference numeral 124, and FIG. 7 reference numeral 30b); and 
means for receiving network access requests from users over a network access server (NAS), 

parsing the requests for domain identification (col. 9 lines 38-39, and FIG. 1 1 reference 

numeral 1 1 6) and routing the requests for domains other than those associated with the first 

PoP to one of said plurality of proxy services while load balancing among them, 
said proxy service routing network access requests to the remote AAA service in accordance 

with said access information (col. 4 lines 49-52, col. 9 lines 42-46). 

Claim 65: New- Pending 

Support: Per claim 65, the original patent specification shows 

a method for accounting for use of a data communications network, said method comprising: 

means for communicating with a central database via the data communications network, the 
central database containing information identifying access information for authentication, 
authorization and accounting (AAA) services associated with domains of the data 
communications network (col. 8 lines 37-45, FIG. 7 reference numeral 22); 

means for communicating with at least one local AAA service associated with a local Point of 
Presence (PoP) (col. 6 lines 61-65, and FIG. 7 reference numerals 32, 30c, and 22); 

means for communicating witii a remote AAA service (col. 9 lines 42-53, FIG. 7 reference 
numerals 22 and 30b); 

means for instantiating the local AAA services bom the central database (col. 9 lines 16-31, FIG. 

9 reference numeral 102); 
means for receiving a network access request from a user through a local networic access server 

(NAS) (col. 8 lines 46-50, col. 9 lines 36-38, and FIG. 11 reference numeral 114); 
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means for checking the network access request to determine an identification of the user's 

domain (col. 9 lines 38-39, and FIG. 1 1 reference numeral 1 16); 
means for routing accounting information associated with the user to the local AAA service if 

the user's domain corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference 

numeral 136); 

means for looking up a domain identification entry corresponding to the user's domain with the 
local AAA services if the user's domain does not correspond to that of the local PoP (col. 10 
lines 20-23, FIG. 13 reference numeral 138); 

means for routing the accounting information to a remote AAA service in the user's domain at an 
address and port as specified in the domain identification entry of the local AAA services' 
database if the user's domain does not correspond to that of the local PoP (col. 10 lines 20- 
23, FIG. 13 reference numeral 138). 

Claim 66: New- Pending 

Support: Per claim 66, the original patent specification shows 

a method for managing network access accounting in a data communications network, said 
method comprising: 

maintaining a central database coupled to the data communications network (col. 8 lines 37-45); 
maintaining at least a local authentication, authorization and accounting (AAA) service at a local 

point of presence (PoP) of the data communications network (col. 6 lines 61-65, and FIG. 7 
. reference numerals 32 and 30c); 
configuring a database associated with the local AAA service fi-om the central database by 

transporting information fi-om the central database over the data communications network to 

the database associated with the local AAA service (col. 9 lines 16-31); 
receiving accoimting information from a network access server (NAS) responsive to utilization 

of the data communications network by a user coupled to the data communications network 

through the NAS (col. 10 lines 14, FIG. 13 reference numeral 132); 
forwarding said accounting information to the local AAA service if the user's domain 

corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference numeral 136); 

and 

forwarding said accounting information to a remote AAA service in the user's domain at an 
address and port as specified in the domain identification entry of the local AAA service's 
database if the user's domain does not correspond to that of the local PoP (col. 10 lines 20- 
23, FIG. 13 reference numeral 138). 

Claim 67: New- Pending 

Support: Per claim 67, the original patent specification shows 

an apparatus for managing network access accounting in a data communications network, said 
apparatus comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining at least a local authentication, authorization and accounting (AAA) 
service at a local point of presence (PoP) of the data commimications network (col. 6 lines 
6 1 -65, and FIG. 7 reference numerals 32 and 30c); 
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means for configuring a database associated with the local AAA service from the central 
database by transporting information from the central database over the data 
communications network to the database associated with the local AAA service (col. 9 lines 
16-31, FIG. 7 reference numeral 16); 

means for receiving accoimting information from a network access server (NAS) responsive to 
utilization of the data communications network by a user coupled to the data 
communications network through the NAS (col. 10 lines 14, FIG. 13 reference numeral 
132); 

means for forwarding said accounting information to the local AAA service if the user's domain 
corresponds to that of the local PoP (col. 10 lines 18-20, FIG. 13 reference numeral 136); 
and 

means for forwarding said accounting information to a remote AAA service in the user's domain 
at an address and port as specified in the domain identification entry of the local AAA 
service's database if the user's domain does not correspond to that of the local PoP (col. 10 
lines 20-23, FIG. 13 reference numeral 138). 

Claim 68: New- Pending 

Support: Per claim 68, the original patent specification shows 
a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data commimications network (col. 8 lines 37-45); 

at least a first authentication, authorization and accounting (AAA) service at a first point of 
presence (PoP) of the data communications network and a second AAA service at a second 
PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 reference numerals 
32 and 30c); and 

a database configurer configuring a database associated with the first AAA service from the 
central database by transporting information fix>m the central database over the data 
communications network to the database associated with the first AAA service and 
configuring a database associated with the second AAA service fcom the central database by 
transporting information fix)m the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 

Claim 69: New- Pending 

Support: Per claim 69, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 
comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 
lines 37-45); 

means for maintaining at least a first authentication, authorization and accounting (AAA) service 
at a first point of presence (PoP) of the data conmiunications network and a second AAA 
service at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 7 
reference numerals 32 and 30c); 

means for configuring a database associated with the first AAA service from the central database 
by transporting information from the cenfral database over the data communications network 
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to the database associated with the first AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16); and 

means for configuring a database associated with the second AAA service fi-om the central 
database by transporting information fi-om the central database over the data 
commimications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 1 6). 

Claim 70: New- Pending 

Support: Per claim 70, the original patent specification shows 
a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data communications network (col. 8 lines 37-45); 

a plurality of first authentication, authorization and accounting (AAA) services disposed at a 
first point of presence (PoP) of the data communications network and a second AAA service 
disposed at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 
7 reference numerals 32 and 30c); 

a first database configurer configuring one or more databases associated with the first AAA 
services firom the central database by transporting information &om the central database 
over the data communications network to the databaise(s) associated with the first AAA 
services (col. 9 lines 16-31, FIG. 7 reference numeral 16); and 

a second dataijase configurer configuring a database associated with the second AAA service 
fi-om the central database by transporting information fi-om the central database over the data 
communications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 16). 

Claim 71: New- Pending 

Support: Per claim 71, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 

comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 

lines 37-45); 

means for maintaining a plurality of first authentication, authorization and accounting (AAA) 
service at a first point of presence (PoP) of the data communications network and a second 
AAA service at a second PoP of the data communications network (col. 6 lines 61-65, and 
FIG. 7 reference numerals 32 and 30c); and 

means for configuring one or more databases associated with the first AAA services firom the 
central database by transporting information fi-om the central database over the data 
conununications network to the database(s) associated with the first AAA services (col. 9 
lines 16-31, FIG. 7 reference numeral 16); and 

means for configuring a database associated with the second AAA service fiom the central 
database by transporting information &om the central database over the data 
communications network to the database associated with the second AAA service (col. 9 
lines 16-31, FIG. 7 reference numeral 16). 
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Claim 72: New- Pending 

Support: Per claim 72, the original patent specification shows 
a system for managing network access to a data communications network, said method 
comprising: 

a central database coupled to the data communications network (col. 8 lines 37-45); 

a plurality of first authentication, authorization and accounting (AAA) services disposed at a 
first point of presence (PoP) of the data communications network and a second AAA service 
disposed at a second PoP of the data communications network (col. 6 lines 61-65, and FIG. 
7 reference numerals 32 and 30c); and 

a database configurer configuring one or more databases associated with the first AAA services 
fi-om the central database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services and 
configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 

Claim 73: New- Pending 

Support: Per claim 73, the original patent specification shows 

an apparatus for managing network access to a data communications network, said method 

comprising: 

means for maintaining a central database coupled to the data communications network (col. 8 

lines 37-45); 

means for maintaining a plurality of first authentication, authorization and accounting (AAA) 
service at a first point of presence (PoP) of the data conmiimications network and a second 
AAA service at a second PoP of the data communications network (col. 6 lines 61-65, and 
FIG. 7 reference numerals 32 and 30c); and 

means for configuring one or more databases associated with the first AAA services &om the 
central database by transporting information from the central database over the data 
communications network to the database(s) associated with the first AAA services and for 
configuring a database associated with the second AAA service from the central database by 
transporting information from the central database over the data communications network to 
the database associated with the second AAA service (col. 9 lines 16-31, FIG. 7 reference 
numeral 16). 
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overpayment to Deposit Account No, 50-1698. 
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